There is a requirement that an access request should support something like a start date or future activation time.
The idea is:
Is this possible in ISC using workflow triggering and scheduling, or any similar approach?
If scheduling a workflow for an access request can work, could anyone please share the recommended approach or any reference documentation?
There is no Start date feature only end date for Access Requests.
You can use workflow with Access Request submitted Trigger and Wait Action.
Does the start date needs to be selected by requestor or is it kinda fixed ?
Hi @KRM7
Thank you for the suggestion.
The preferred approach is to call the API and provide the date while triggering the workflow.
While reviewing the following document: Workflow Triggers - SailPoint Identity Services Workflow Triggers - SailPoint Identity Services
There are fields such as addDate and removeDate, and it is not clear how they should be validated or used.
Also, there are references to startDate and endDate. It is not clear whether these are directly related to access activation and expiration.
Could you please help clarify:
If there is any example or reference for this flow, please share.
Hi @shsakshi ,
For the respective access profiles, you can attach it to access request workflow. Flow can be as below:-
Your tenant need to have access to adaptive approvals.
Access request submitted trigger —> action form —> Get start date—> add variable as number of days—> pass the wait as number of days and conplete the workflow.
Ideally if I say that this will be activated after 30 days, the execution will happen for 30 days which doesn’t make a lot of sense as per my opinion .
Hope this helps
Hi @shsakshi ,
For any access request, we can select only end date , start date selection is not supported, so we can use a workflow which triggers whenever access request is submitted, but to use this trigger, your tenant should have adaptive approvals enabled, then only you can use the access request submitted trigger.
Check out this community blog post that covers a very similar pattern using workflows with access request triggers and date-based logic, might be a helpful starting point:
Hi @shsakshi ,
we can use the access request submitted trigger in workflow and trigger it when the request is submitted and add a wait step for the delay, then process approval or reject, but for this adaptive approvals should be enabled first.
